ckotzbauer / vulnerability-operator

Scans SBOMs for vulnerabilities with Grype
MIT License

invalid memory address or nil pointer dereference #523

Open devRoemer opened 1 month ago

devRoemer commented 1 month ago

Hey Christian, starting with 0.23.0 I get the error "invalid memory address or nil pointer dereference". See debug logs below.

In addition, I tested the versions 0.24.0, 0.25.0 and 0.26.0 where the error also appears. Version 0.22.0 was still working.

Looking at the history between those two versions there are only two commits with code changes but those don't seem to be related:
https://github.com/ckotzbauer/vulnerability-operator/commit/6a87a172e3cc3c16d6b4d7805056deb219ad9984
https://github.com/ckotzbauer/vulnerability-operator/commit/d08c827364d7d3cd2238cc816002e415507312e4

To me it looks like the error was introduced by lib updates.

time="2024-08-12T10:21:04Z" level=info msg="Version: 0.26.0"
time="2024-08-12T10:21:04Z" level=info msg="Commit: xxxxx
time="2024-08-12T10:21:04Z" level=info msg="Buit at: 2024-07-14T07:32:01Z"
time="2024-08-12T10:21:04Z" level=info msg="Buit by: goreleaser"
time="2024-08-12T10:21:04Z" level=info msg="Go Version: go1.22.5"
time="2024-08-12T10:21:04Z" level=debug msg="Cron set to: 0 0 * * * *"
time="2024-08-12T10:21:04Z" level=debug msg="Sources set to: [git]"
time="2024-08-12T10:21:04Z" level=debug msg="Targets set to: [metrics]"
time="2024-08-12T10:21:04Z" level=debug msg="Next background-service run at: 2024-08-12 11:00:00 +0000 UTC"
time="2024-08-12T10:21:04Z" level=info msg="Webserver is running at port 8080"
time="2024-08-12T11:00:00Z" level=info msg="Execute background-service"
Enumerating objects: 86800, done.
Counting objects: 100% (1888/1888), done.
Compressing objects: 100% (615/615), done.
Total 86800 (delta 1273), reused 1721 (delta 1106), pack-reused 84912
time="2024-08-12T11:07:13Z" level=debug msg="Git-Repository is prepared!"
time="2024-08-12T11:07:13Z" level=debug msg="Load vulnerability database"
2024/08/12 11:12:00 cron: panic running job: runtime error: invalid memory address or nil pointer dereference
goroutine 1346 [running]:
github.com/robfig/cron.(*Cron).runWithRecovery.func1()
        github.com/robfig/cron@v1.2.0/cron.go:161 +0x65
panic({0x265eb00?, 0x4d08670?})
        runtime/panic.go:770 +0x132
github.com/ckotzbauer/vulnerability-operator/internal/vuln/grype.(*Grype).ScanItem(0xc015cc3dd0, {0x35ae890?, 0xc016692390?})
        github.com/ckotzbauer/vulnerability-operator/internal/vuln/grype/grype.go:129 +0x662
github.com/ckotzbauer/vulnerability-operator/internal/vuln/daemon.(*CronService).runBackgroundService(0xc00062cac0)
        github.com/ckotzbauer/vulnerability-operator/internal/vuln/daemon/daemon.go:98 +0x425
github.com/ckotzbauer/vulnerability-operator/internal/vuln/daemon.Start.func1()
        github.com/ckotzbauer/vulnerability-operator/internal/vuln/daemon/daemon.go:43 +0x17
github.com/robfig/cron.FuncJob.Run(0xc000ca4360?)
        github.com/robfig/cron@v1.2.0/cron.go:92 +0x12
github.com/robfig/cron.(*Cron).runWithRecovery(0x0?, {0x3596aa0?, 0xc000a80f50?})
        github.com/robfig/cron@v1.2.0/cron.go:165 +0x53
created by github.com/robfig/cron.(*Cron).run in goroutine 49
        github.com/robfig/cron@v1.2.0/cron.go:199 +0x7c5

Chart-Config:

args:
  cron: "0 0 * * * *"
  git-branch: master
  git-repository: https://github.com/name/repo
  min-severity: low
  reports-dir: /tmp
  sources: git
  targets: metrics
  verbosity: trace

envVars:
  - name: VULN_GIT_ACCESS_TOKEN
    valueFrom:
      secretKeyRef:
        name: git-access-token-sbom
        key: token

priorityClassName: "cluster-medium"

resources:
  requests:
    cpu: 100m
    memory: 2Gi
  limits:
    cpu: 1500m
    memory: 10Gi

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  seccompProfile: null

servicemonitor:
  enabled: true

ckotzbauer commented 1 month ago

Thanks @devRoemer for your bug report. I released 0.26.1 with better error handling at this code location. I assume that grype can't match a vulnerability for some reason. You can see the new message in the log. Let's keep this issue open until it is resolved.
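An added example, not the project's own code, of the defensive pattern the reply above points at: the stack trace shows the nil dereference inside a cron job, where robfig/cron recovers the panic but the whole background run is lost. The types `Vulnerability`, `Match`, `summarize` and `scanItem` are hypothetical stand-ins, not the operator's or grype's API.

```go
package main

import (
	"errors"
	"fmt"
	"log"
)

// Hypothetical stand-ins for the operator's scan types; not the project's API.
type Vulnerability struct {
	ID       string
	Severity string
}

// Match pairs a package with its vulnerability record; Vuln is nil when the
// matcher found the package but could not resolve a vulnerability for it.
type Match struct {
	Package string
	Vuln    *Vulnerability
}

var ErrNoVulnerabilityRecord = errors.New("match has no vulnerability record")

// summarize builds one report line and returns an error for a nil record
// instead of dereferencing it, the kind of nil dereference reported above.
func summarize(m Match) (string, error) {
	if m.Vuln == nil {
		return "", fmt.Errorf("%s: %w", m.Package, ErrNoVulnerabilityRecord)
	}
	return fmt.Sprintf("%s %s %s", m.Package, m.Vuln.ID, m.Vuln.Severity), nil
}

// scanItem processes the matches of one SBOM. An unresolvable match is logged
// and skipped so the rest of the run completes, and an unexpected panic is
// returned as an error instead of escaping to the cron runner and aborting it.
func scanItem(matches []Match) (lines []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("scan item panicked: %v", r)
		}
	}()
	for _, m := range matches {
		line, mErr := summarize(m)
		if mErr != nil {
			log.Printf("skipping match: %v", mErr)
			continue
		}
		lines = append(lines, line)
	}
	return lines, nil
}
```

The sample input in the test below is constructed; `CVE-EXAMPLE-0001` is a placeholder identifier, not a real CVE.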